From: Shobhit Raj Mathur (shobhit@cs.washington.edu)
Date: Tue Nov 23 2004 - 21:17:03 PST
Intercepting Mobile Communications: The Insecurity of 802.11
============================================================
Wired Equivalent Privacy (WEP) is a protocol which is used to make 802.11
link level transmissions secure. This paper reveals the security flaws in
WEP and describes how a determined attacker can compromise the
vulnerabilities in WEP. The security flaws are several and allow users to
eavesdrop and even tamper with the transmissions.
WEP generates takes an input plain text P, and uses a cipher pair (v,k) to
generate an encrypted stream. v is the Initialization vector and k is the
key. The vulnerability of WEP is fundamentally because of the fixed size
of v, which is set to 24bits by the standard. v is publicly available
while k is private. Since the size of v is fixed by the standard, vendors
cannot change it. Because of the fixed size of v, the attacker just needs
to wait for v to be reused and using standard decryption techniques P can
be decoded. It so happens that since v is just 24 bits, the attacker has
to wait no more than a few hours on an average for the v to repeat. Even
more shocking is the fact that WEP does not define a standard for changing
v. Most implementations change it randomly, so v may repeat every few
minutes. The techniques for decoding P from the cipher streams is
described well in the paper.
The second serious flaw of WEP is in the checksum. This allows attackers
to tamper with the data and go undetected. CRCs are only meant to detect
random errors and are not designed to prevent malicious users from
tampering the data. This vulnerability of WEP is alarming as the attacker
can make arbitrary modifications to the data and even redirect the traffic
to itself. WEP does not take into account its interactions with other
layers and just focuses on link layer security. Hence IP redirection is an
easy hack against such protocols.
This paper teaches us many lessons. The foremost is that designing secure
protocols is very difficult. The engineers who design the protocols from
a piratical point of view need the expertize of the theoretical
cryptographers. Another insight we gain is that, end to end argument is
applicable even in security. Having a low level of security does not
ensure overall security, we need a minimum security at every level and the
strongest at the application level.
It is shocking that the designers of WEP overlooked common vulnerabilities
of stream ciphers. As the paper suggests making the standards public and
taking the review of cryptographers would have removed the obvious flaws
at the design stage itself.
All said, wireless networks work fine today. This is because an determined
attacker can eavesdrop only on his neighbors. Moreover secure
transactions for example which use credit card numbers are protected by
the application layer (SSL), which is very strong. Hence even though the
paper reveals some serious flaws in WEP they are not very alarming
practically. But, WEP definitely needs to be revamped from scratch as
wireless networks are ubiquitous today.
This archive was generated by hypermail 2.1.6 : Tue Nov 23 2004 - 21:17:04 PST